If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Non Database Level Security

I have a time recording database system. All data is entered via web forms to an oracle database.
Basically there are three program parts: the data entry, the data checker, and the report generation.
The only security in place is a table holding login details (username + password). Oracle security can't be used cause the DBA has yet to give everone an oracle account (maybe some day though).
Everyone has access to the data entry form, some also have access to checker and some options on the reports, others may have access to reports, but not the checker. What I wan't to know is how i should break down this into security levels.

I would like to add a single column to the login table with the access permissions, but the rights don't increase in a logical order (ie 1-9).

Also, does anyone know of any good guides on designing multi level security systems?